#!/bin/sh
################################################################################
#                                                                              #
#   Copyright (C) 2008-2014 LABBE Corentin <clabbe.montjoie@gmail.com>
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see <http://www.gnu.org/licenses/>.
#                                                                              #
################################################################################

Title "Check network parameter"
#TODO check if we have a public IP and check open ports

# Everything below reads /proc and /etc/sysctl.conf, so on anything but
# Linux report the check as TODO and hand status 1 back to the caller.
case "$OS_TYPE" in
	Linux) ;;
	*)
		Display --indent 2 --text "Not Linux" --result TODO --color BLUE
		return 1
		;;
esac


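TESTNAME='YASAT_TEST_NETWORK_SNIFFER NSAG=2.5.1.3 CCEID=15013-6 Ensure System is Not Acting as a Network Sniffer'
# /proc/net/packet lists open AF_PACKET sockets; the "-ge 2" threshold assumes
# a one-line header, so a second line means some process holds a raw packet
# socket.  Only meaningful on the live host (SCAN_ROOT is '/'), presumably
# because /proc describes the running kernel rather than the scanned tree.
# NOTE(review): DHCP clients and link-layer daemons (e.g. lldpd) also open
# AF_PACKET sockets, so NOK here is a lead to investigate (ss -0 / lsof -U),
# not proof of a sniffer -- confirm before escalating.
if [ "$SCAN_ROOT" = '/' ] && [ -e /proc/net/packet ] ;then
	if [ "$(wc -l < /proc/net/packet)" -ge 2 ] ;then
		Display --indent 2 --text "Sniffer check" --result NOK --color ORANGE
		Compliance --result 'NOK' --plugin network --nsag 2.5.1.3 --cce 15013-6
	else
		Display --indent 2 --text "Sniffer check" --result OK --color GREEN
		Compliance --result 'OK' --plugin network --nsag 2.5.1.3 --cce 15013-6
	fi
else
	# Offline scan or no packet-socket table: cannot test, do not guess.
	Display --indent 2 --text "Sniffer check" --result SKIP --color BLUE
	Compliance --result 'NOTTESTED' --plugin network --nsag 2.5.1.3 --cce 15013-6
fi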


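# Decide whether a sysctl value satisfies a rule from network.data.
#   $1 operator from the data file: '=' (must equal) or '<' (must be below)
#   $2 actual value, $3 expected value
# Returns 0 when the rule holds, 1 when it does not, 2 on an unknown operator.
# Anything that is not a single (optionally negative) integer -- an empty
# read, or a multi-word value such as ip_local_port_range -- counts as 1
# instead of letting '[' abort with "too many arguments" / "integer expected".
_yasat_network_cmp() {
	for _v in "$2" "$3" ;do
		case "$_v" in
			''|-|*[!0-9-]*|?*-*) return 1 ;;
		esac
	done
	case "$1" in
		'=') [ "$2" -eq "$3" ] ;;
		'<') [ "$2" -lt "$3" ] ;;
		*) return 2 ;;
	esac
}

if [ ! -e "${PLUGINS_REP}/network.data" ] ;then
	# Nothing to audit without the data file; warn and skip the loop instead
	# of letting it fail on a missing file.
	Display --indent 2 --text "No $PLUGINS_REP/network.data" --result WARNING --color ORANGE
else
	# network.data holds one rule per line, '|'-separated; the variable names
	# give the field meaning:
	#   directive|param|option|advice|nsag|cce
	# Lines starting with '#' are comments.  The file is read on fd 3 so that
	# Display/Compliance/Get_sysctl cannot consume the loop's input, and
	# without a pipeline so whatever those helpers set in the shell is kept.
	# NOTE(review): unlike the sniffer check, nothing here honours SCAN_ROOT --
	# both the /proc read and /etc/sysctl.conf refer to the host; confirm
	# that an offline scan is not expected to work for this plugin.
	while IFS='|' read -r ldirective lparam loption ladvice lnsag lcce _rest <&3 || [ -n "$ldirective" ]
	do
		case "$ldirective" in
			''|'#'*) continue ;;
		esac
		[ -n "$lnsag" ] || lnsag=0
		[ -n "$lcce" ] || lcce=0
		# Name the test before the first Display of this iteration, so the
		# /proc result is not reported under the previous directive's name
		# (if Display reads TESTNAME -- it is set by the framework, not here).
		TESTNAME="YASAT_TEST_NETWORK_GENERIC Check if $ldirective is present in sysctl.conf"

		# Live value: net.ipv4.ip_forward -> /proc/sys/net/ipv4/ip_forward
		EL_PATH="/proc/sys/$(printf '%s\n' "$ldirective" | tr . /)"
		if [ -e "$EL_PATH" ] ;then
			VALUE=$(cat "$EL_PATH")
			_yasat_network_cmp "$loption" "$VALUE" "$lparam"
			rc=$?
			case $rc in
				0) Display --indent 2 --text "$EL_PATH" --result "$VALUE" --color GREEN ;;
				1) Display --indent 2 --text "$EL_PATH" --result "$VALUE" --color RED --advice "$ladvice" ;;
				*) Display --indent 2 --text "Unknown $loption" --result WARNING --color RED --advice "$ladvice" ;;
			esac
		else
			Display --indent 2 --text "$EL_PATH " --result NOTFOUND --color ORANGE --advice "$ladvice"
		fi

		# Persisted value: Get_sysctl (framework helper) sets RESULTAT when the
		# directive is configured; empty means it is not.
		Get_sysctl "$ldirective"
		if [ -z "$RESULTAT" ] ;then
			Display --indent 4 --text "not in sysctl.conf" --result NOTFOUND --color ORANGE --advice "$ladvice"
			Compliance --result NOK --plugin network --nsag "$lnsag" --cce "$lcce"
		else
			# Re-read the configured value from /etc/sysctl.conf.  Dots in the
			# directive are regex metacharacters and sysctl.conf also accepts
			# '/' as separator, so match either; anchoring on '=' stops
			# ip_forward from matching ip_forward_xyz; sysctl honours the last
			# occurrence, so keep only that one and trim surrounding blanks.
			# NOTE(review): only /etc/sysctl.conf is consulted -- if Get_sysctl
			# also searches sysctl.d, a directive set only there yields an
			# empty VALUE and is reported RED; confirm against Get_sysctl.
			lpattern=$(printf '%s\n' "$ldirective" | sed 's|\.|[./]|g')
			VALUE=$(grep "^[[:space:]]*${lpattern}[[:space:]]*=" /etc/sysctl.conf \
				| tail -n 1 \
				| sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//')
			_yasat_network_cmp "$loption" "$VALUE" "$lparam"
			rc=$?
			case $rc in
				0)
					Display --indent 4 --text "in sysctl.conf" --result "$VALUE" --color GREEN
					Compliance --result OK --plugin network --nsag "$lnsag" --cce "$lcce"
					;;
				1)
					Display --indent 4 --text "in sysctl.conf" --result "$VALUE" --color RED --advice "$ladvice"
					Compliance --result NOK --plugin network --nsag "$lnsag" --cce "$lcce"
					;;
				*)
					Display --indent 4 --text "Unknown $loption" --result WARNING --color RED --advice "$ladvice"
					;;
			esac
		fi
	done 3< "${PLUGINS_REP}/network.data"
fi

return 0;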